Overview:

SSL certificates with SharePoint 2013 web applications expire, and when that does, you have to generate a new SSL Certificate. In this post, I will go over how to renew you SharePoint 2013 SSL HTTPS website with GoDaddy, even including multi-server Web Front End (WFE’s) topologies. If you use wildcard certificates on you SharePoint websites, there are a few gotchas when renewing. The process is similar for most certificate types, but wildcards and SharePoint are this blog posts focus. These steps are also similar if you are adding a SSL certificate to your website for the first time (once your SharePoint farm, web applications, and site collections have been configured to use HTTPS, etc.).

Here is an overview of the steps involved with the certificate renew process:

Request a new certificate request from the machine running IIS/SharePoint (Pick a WFE)

Hi Eric, Thanks for such a great post 🙂
I have recieved a wildcard certificate as zip file to renew the existing old one on Sp2013 server. it is correct that I can skip step 1 to 3 and jump to step 4?
and it is a production server, will Intranet be unavailable during this task?

Difference between Rekey/Renew and Revoke:
Rekey- change info (another server or cert name), gives 72 hour to reinstall before old cert expires.
Renew- same info, another year (This is what the above blog post does)
Revoke- cancels cert and deletes it out of the account, immediately cancels.

Recommended Path:
Renew certificate, generate a new CSR (pending renewal, then download and complete), swap out cert and rebind on applications (multiple years is best to avoid this process each year)